Bump helmet from 3.22.0 to 5.1.1 in /backend
Loading
Created by: dependabot[bot]
Bumps helmet from 3.22.0 to 5.1.1.
Sourced from helmet's changelog.
5.1.1 - 2022-07-23
Changed
5.1.0 - 2022-05-17
Added
Cross-Origin-Embedder-Policy
: supportcredentialless
policy. See #365- Documented how to set both
Content-Security-Policy
andContent-Security-Policy-Report-Only
Changed
- Cleaned up some documentation around
Origin-Agent-Cluster
5.0.2 - 2022-01-22
Changed
- Improve imports for CommonJS and ECMAScript modules. See #345
- Fixed some documentation
5.0.1 - 2022-01-03
Changed
- Fixed some documentation
Removed
- Removed some unused internal code
5.0.0 - 2022-01-02
Added
- ECMAScript module imports (i.e.,
import helmet from "helmet"
andimport { frameguard } from "helmet"
). See #320Changed
- Breaking:
helmet.contentSecurityPolicy
:useDefaults
option now defaults totrue
- Breaking:
helmet.contentSecurityPolicy
:form-action
directive is now set to'self'
by default- Breaking:
helmet.crossOriginEmbedderPolicy
is enabled by default- Breaking:
helmet.crossOriginOpenerPolicy
is enabled by default- Breaking:
helmet.crossOriginResourcePolicy
is enabled by default- Breaking:
helmet.originAgentCluster
is enabled by defaulthelmet.frameguard
: add TypeScript editor autocomplete. See #322- Top-level
helmet()
function is slightly faster
... (truncated)
0e95b6d
5.1.190a93b4
Update changelog for 5.1.1 release465a033
Add extensions to imported middlewares6183bee
Update devDependencies to latest versions9b88c00
Improve tests around various policies94a7468
CI should test on Node 189cfc287
Add "backend" keywordbc84ed2
Update devDependencies to latest versionsfd3e3a6
Update devDependencies to latest versionse6075e8
Fix formatting issue in dependabot YAMLDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)